> "This causes a large number of qemu boot test failures for various architectures (arm, m68k, microblaze, sparc32, xtensa are the ones I observed). Common denominator is that boot hangs at 'Saving random seed:'" This isn't hugely unexpected - we tried it, it failed, so now we'll revert it.
A bit later another commit [1] was merged that makes reads from /dev/urandom opportunistically initialize the RNG. In practice this has the same result as the reverted commit on non-obsolete architectures, which support the jitter entropy generation.
> The jitter entropy technique relies on differences in timing when running the same code, which requires both a high-resolution CPU cycle counter and a CPU that appears to be nondeterministic (due to caching, instruction reordering, speculation, and so on). There are some architectures that do not provide that, however, so no entropy can be gathered that way. Donenfeld noted that non-Amiga m68k systems, two MIPS models (R6000 and R6000A), and, possibly, RISC-V would be affected;
So, I understand not wanting to break RISC-V support, but _should_ people really care about breaking compatibility with early 1990s MIPS chips and a 1979 Motorola CPU?
Clearly Linus and the maintainers of those architectures care enough not to break them (and those architecture maintainers have enough clout to be taken seriously).
How old does a CPU need to be in order to no longer be supported? The 32-bit x86 architecture is nearly 40 years old - should it be retired for being too old?
> So, I understand not wanting to break RISC-V support, but _should_ people really care about breaking compatibility with early 1990s MIPS chips and a 1979 Motorola CPU?
Yes, we care a lot more than about the 2020 MIPS incarnation (you young kids call it RISCV, fooling nobody)
Even though not all architectures have an RTC or strong PRNG instructions, almost all of them have writable storage in the form of NVRAM/NAND/disk.
Why can’t they just patch up the kernel to persist PRNG state there and require that the boot loader recovers it upon reboot? The kernel would then have high quality random data available as soon as it gets launched.
The PRNG state is responsible for generating most of the users cryptographic material and is quite important to the system’s security. As such, the PRNG State is a security parameter that should never be exportable nor importable.
There are many new attacks that could surface if import/export were possible; off the top of my head: quiet preloading of an attacker-selected state while the machine is off.
[+] [-] rdtsc|2 years ago|reply
[1] https://github.com/torvalds/linux/commit/6f98a4bfee72c22f50a... [2] https://github.com/torvalds/linux/commit/0313bc278dac7cd9ce8...
> "This causes a large number of qemu boot test failures for various architectures (arm, m68k, microblaze, sparc32, xtensa are the ones I observed). Common denominator is that boot hangs at 'Saving random seed:'" This isn't hugely unexpected - we tried it, it failed, so now we'll revert it.
[+] [-] Denvercoder9|2 years ago|reply
[1] https://github.com/torvalds/linux/commit/48bff1053c172e6c7f3...
[+] [-] minedwiz|2 years ago|reply
[+] [-] influx|2 years ago|reply
[+] [-] davikr|2 years ago|reply
So, I understand not wanting to break RISC-V support, but _should_ people really care about breaking compatibility with early 1990s MIPS chips and a 1979 Motorola CPU?
[+] [-] snvzz|2 years ago|reply
[+] [-] jasonwatkinspdx|2 years ago|reply
[+] [-] LanzVonL|2 years ago|reply
[+] [-] Palomides|2 years ago|reply
declaration of bias: I have a non-Amiga m68k that can run linux
[+] [-] phone8675309|2 years ago|reply
How old does a CPU need to be in order to no longer be supported? The 32-bit x86 architecture is nearly 40 years old - should it be retired for being too old?
[+] [-] dmitrygr|2 years ago|reply
Yes, we care a lot more than about the 2020 MIPS incarnation (you young kids call it RISCV, fooling nobody)
[+] [-] davidw|2 years ago|reply
[+] [-] bee_rider|2 years ago|reply
[+] [-] dataflow|2 years ago|reply
[+] [-] LtWorf|2 years ago|reply
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] EdSchouten|2 years ago|reply
Why can’t they just patch up the kernel to persist PRNG state there and require that the boot loader recovers it upon reboot? The kernel would then have high quality random data available as soon as it gets launched.
[+] [-] dist-epoch|2 years ago|reply
Imagine a virtual machine snapshot that you start multiple times. The separate runs would have the exact same persisted state.
[+] [-] kurikuri|2 years ago|reply
There are many new attacks that could surface if import/export were possible; off the top of my head: quiet preloading of an attacker-selected state while the machine is off.
[+] [-] soundarana|2 years ago|reply
[+] [-] goalieca|2 years ago|reply
edit: https://github.com/torvalds/linux/blob/55cb5f43689d7a9ea5bf3...
[+] [-] binkHN|2 years ago|reply
[+] [-] bannee|2 years ago|reply
[deleted]
[+] [-] unknown|2 years ago|reply
[deleted]